Credit

Masaki Kubo and Yoshiki Mori of Cybersecurity Laboratory, National Institute of Information and Communications Technology reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.